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DETAILED ACTION 

1. Claims 1-11 and 14-20 have been examined. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

3. Claims 1-1 1 and 14-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
IEEE Standard "Port-Based Network Access Control" (hereinafter IEEE) in view of Juitt et al. 
U.S. Pat. No. 7042988 (hereinafter Juitt). 

4. As per claim 1 , IEEE discloses a method of authenticating an attached function for the 
purpose of permitting access by the attached function to a network services associated with a 
network infrastructure including a network entry device including an IEEE 802. IX Port Access 
Entity (PAE), the method comprising the steps of: 

a. Configuring the network entry device to recognize authentication signals received 
from an attached function (IEEE: page 1 1 figure 6.5: the authenticator system 

• communicate with supplicant using EAPOL protocol through uncontrolled port) ; 

b. Receiving at the network entry device from the attached function one or more 
signal packets (IEEE: page 1 1 figure 6.5: communication of signals); 
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c. Prior to authenticating of the attached function, holding or discarding at the 
network entry device any non-authenticating signals of the one or more signal packets 
(IEEE: page 9 figure 6.2: the effect of authorization on controlled ports); 

d. Forwarding by the network entry device only signal packets from the attached 
function including authentication information to the another network infrastructure 
device for authentication (IEEE: page 1 1 figure 6.5: authentication server system); and 

e. Forwarding non-authenticating signals from the attached function through the 
network entry device only after authentication of the attached function by the PAE 
(IEEE: page 9 figure 6.2: forwarding allowed after successful authentication). 

IEEE does not disclose the network entry device is not configured to operate as a PAE 
authenticator. However, Juitt discloses a gateway device for performing authentication process 
for wireless access points (Juitt: column 2 lines 44-52 and figure 1 A: gateway server provides 
security function in communication with external authentication service; column 3 lines 11-16: 
forward authentication request to gateway server from wireless access points; column 7 lines 36- 
39: gateway server is access point agnostic. . .protocols of any type between client and server can 
be used for the gateway server; column 6 line 41 : 802. IX). It would have been obvious to one 
having ordinary skill in the art to allow the gateway server to serve as network infrastructure 
device/PAE authenticator for plurality of wireless access points that do not have PAE 
functionality because both prior art disclose analogous art toward security in wireless LAN that 
support 802. IX functionality (Juitt: column 2 line 56-57). Therefore, it would have been obvious 
to one having ordinary skill in the art at the time of applicant's invention to combine the 
teachings of Juitt within the system of IEEE because it allows the use of simple and inexpensive 
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access point that are not required to perform sophisticated security functions (Juitt: column 2 
lines 51-52). 

5. As per claim 2, IEEE as modified discloses the method of claim 1 . IEEE as modified 
further discloses the method comprising the step of making the forwarding of non-authenticating 
signals is carried out in OSI layer 2 bridging (IEEE: page 1 1.1: 802. ID standard). 

6. As per claim 3, IEEE as modified discloses the method of claim 2. IEEE as modified 
further discloses the method further comprises the step of examining the signal packets for a 
reserved Media Access Control address and/or Ethernet Type (IEEE: page 10 figure 6.3: MAC 
enable/disable state). 

7. As per claim 4, IEEE as modified discloses the method of claim 1 . IEEE as modified 
further discloses 

8. As per claim 5, IEEE as modified discloses the method of claim 1 . IEEE as modified 
further discloses wherein the network infrastructure includes a plurality of network entry 
devices, each configured to recognize authentication signals to be received from an attached 
function, and not to operate as a PAE authenticator, the method further comprising the step of 
maintaining state for one or more sessions associated with the plurality of network entry devices 
(IEEE: page 64 9.4.4: session statistics). 
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9. As per claim 6, IEEE as modified discloses the method of claim 5. IEEE as modified 
further discloses wherein the step of maintaining state is performed by a tracking function of one 
or more devices of the network infrastructure devices including the plurality of network entry 
devices and the another network infrastructure device (IEEE: page 64 9.4.4: maintain current 
session statistics). 

10. As per claim 7, IEEE as modified discloses the method of claim 1 . IEEE as modified 
further discloses the method comprises the steps of recognizing through a tracking function of 
the network infrastructure authentication success messages and enabling a change of state 
associated with a forwarding function of the network entry device (IEEE: page 28 figure 8.1 : 
port authorized upon authentication success). 

11. As per claim 8, IEEE as modified discloses the method of claim 7. IEEE as modified 
further discloses wherein the tracking function forms part of the network entry device (IEEE: 
page 1 1 figure 6.4: determine if access is authorized). 

12. As per claim 9, IEEE discloses a system to authenticate an attached function for the 
purpose of permitting access by the attached function to network services associated with a 
network infrastructure, the system comprising: 

a. a network entry device including relay function configured to receive and forward 
only authentication signals from the attached function from the attached function and to 
hold or discard any non-authenticating signals received until after the attached function 
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has been authenticated (IEEE: page 1 1 figure 6.5: the authenticator system communicate 
with supplicant using EAPOL protocol through uncontrolled port; page 9 figure 6.2: the 
effect of authorization on controlled ports); and 

b. another network infrastructure device configured to receive from the network 
entry device the forwarded authentication signals for authentication of the attached 
function before permitting the network entry device, through the relay function, to 
forward non-authenticating signals from the attached function (IEEE: page 1 1 figure 6.5: 
authentication server system). 
IEEE does not disclose the network entry device is not configured to operate as a PAE 
authenticator. However, Juitt discloses a gateway device for performing authentication process 
for wireless access points (Juitt: column 2 lines 44-52 and figure 1 A: gateway server provides 
security function in communication with external authentication service; column 3 lines 1 1-16: 
forward authentication request to gateway server from wireless access points; column 7 lines 36- 
39: gateway server is access point agnostic. . .protocols of any type between client and server can 
be used for the gateway server; column 6 line 41 : 802. IX). It would have been obvious to one 
having ordinary skill in the art to allow the gateway server to serve as network infrastructure 
device/PAE authenticator for plurality of wireless access points that do not have PAE 
functionality because both prior art disclose analogous art toward security in wireless LAN that 
support 802. IX functionality (Juitt: column 2 line 56-57). Therefore, it would have been obvious 
to one having ordinary skill in the art at the time of applicant's invention to combine the 
teachings of Juitt within the system of IEEE because it allows the use of simple and inexpensive 
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access point that are not required to perform sophisticated security functions(Juitt: column 2 
lines 51-52). 

13. As per claim 10, IEEE as modified discloses the system of claim 9. IEEE as modified 
further discloses, wherein the relay function forwards the non-authenticating signals in a manner 
compatible with IEEE standard 802.1D or 802.1Q (IEEE: page 1 1.1: 802.1D standard). 

14. As per claim 11, IEEE as modified discloses the system of claim 9. IEEE as modified 
further discloses wherein the relay function is configured to recognize authentication signals for 
a reserved Media Access Control address and/or an Ethernet type (IEEE: page 10 figure 6.3: 
MAC enable/disable state). 

15. As per claim 14, IEEE as modified discloses the system of claim 9. IEEE as modified 
further discloses the method comprises a tracking function to monitor authentication messages 
and to enable a change of state associated with a forwarding function of the network entry device 
(IEEE: page 28 figure 8.1: port authorized upon authentication success). 

16. As per claim 15, IEEE discloses a method of authenticating an attached function for the 
purpose of permitting access by the attached function to network services associated with a 
network infrastructure including a network entry device and another network infrastructure 
device, the another network infrastructure device including attached function authentication 
functionality, the method comprising the steps of: 
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a. configuring the network entry device to recognize authentication signals received 
from an attached function (IEEE: page 1 1 figure 6.5: the authenticator system 
communicate with supplicant using EAPOL protocol through uncontrolled port); 
{ b. forwarding by the network entry device only signal packets including 

authentication information to the another network infrastructure device for authentication 
(IEEE: page 1 1 figure 6.5: authentication server system); and 

f. c. forwarding non-authenticating signals from the attached function through 
the network entry device only after authentication of the attached function by the another 
network infrastructure device (IEEE: page 9 figure 6.2: forwarding allowed after 
successful authentication). 
IEEE does not disclose the network entry device is not configured to operate as a PAE 
authenticator. However, Juitt discloses a gateway device for performing authentication process 
for wireless access points (Juitt: column 2 lines 44-52 and figure 1 A: gateway server provides 
security function in communication with external authentication service; column 3 lines 11-16: 
forward authentication request to gateway server from wireless access points; column 7 lines 36- 
39: gateway server is access point agnostic. . .protocols of any type between client and server can 
be used for the gateway server; column 6 line 41 : 802. IX). It would have been obvious to one 
having ordinary skill in the art to allow the gateway server to serve as network infrastructure 
device/PAE authenticator for plurality of wireless access points that do not have PAE 
functionality because both prior art disclose analogous art toward security in wireless LAN that 
support 802. IX functionality (Juitt: column 2 line 56-57). Therefore, it would have been obvious 
to one having ordinary skill in the art at the time of applicant's invention to combine the 
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teachings of Juitt within the system of IEEE because it allows the use of simple and inexpensive 
access point that are not required to perform sophisticated security functions (Juitt: column 2 
lines.51-52). 

17. As per claim 16, IEEE as modified discloses the method of claim 15. IEEE as modified 
further discloses the method comprises the step of forcing re-authentication of the attached 
function upon loss of signal packet exchange with the network device (IEEE: page 26 8.4.5: 
retransmission of EAP upon loss of packet). 

18. As per claim 17, IEEE as modified discloses the method of claim 15. IEEE as modified 
further discloses wherein the authentication functionality of the another network infrastructure 
device is an IEEE 802. IX Port access entity (Juitt: column 2 lines 44-52 and figure 1 A: gateway 
server provides security function in communication with external authentication service; column 
3 lines 11-16: forward authentication request to gateway server from wireless access points; 
column 7 lines 36-39: gateway server is access point agnostic... protocols of any type between 
client and server can be used for the gateway server; column 6 line 41 : 802. IX). 

19. As per claim 18, IEEE as modified discloses the method of claim 15. IEEE as modified 
further discloses the method comprises the steps of recognizing through a tracking function of 
the network infrastructure authentication success messages and enabling a change of state 
associated with a forwarding function of the network entry device (IEEE: page 28 figure 8.1 : 
port authorized upon authentication success). 
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20. As per claim 19, IEEE as modified discloses the method of claim 15. IEEE as modified 
further discloses the step of transferring one or more signal packets through the network entry 
device in a format compatible with IEEE standard 802. ID or 802.1Q (IEEE: page 1 1.1: 802. ID 
standard). 

21. As per claim 20, IEEE as modified discloses the method of claim 18. IEEE as modified 
further discloses wherein the authentication information includes an Extensible Authentication 
Protocol message (IEEE: page 10 Note: communication would typically be achieved by means 
of EAP connection). 

Response to Arguments 

22. Applicant's arguments filed on 6/1 3/07 have been fully considered but they are not 
persuasive. 

Regarding applicant's remarks, applicant argues that combination of Juitt network entry 
devices are not PAE authenticators and they do not serve to bar non-authenticating signals until 
after authentication. However, the examiner has cited the IEEE standard to discloses the PAE 
functionalities of an access point such that when it is connected to a authentication server, it 
becomes the PAE authenticator, while the examiner agreed that would make the access point an 
PAE authenticator device, the examiner cited Juitt reference to disclose that the access points can 
be coupled to a gateway device (i.e. not authentication server) to act as a central PAE device for 
the access points so that original functionalities of the PAE can still be used without being the 
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PAE authenticator (Juitt: figure 7). Therefore, it would have been obvious to one having ordinary 
skill in the art to combine the teachings of Juitt within the IEEE standard so that authenticator 
functionality of PAE is centralized. 

Conclusion 

23. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shin-Hon Chen whose telephone number is (571) 272-3789. The 
examiner can normally be reached on Monday through Friday 8:30am to 5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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Examiner 
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